METHODS AND SYSTEMS FOR AUTOMATED AUTHENTICATION,
PROCESSING AND ISSUANCE OF DIGITAL CERTIFICATES 

CROSS-REFERENCE TO RELATED APPLICATIONS 

[0001] This application claims priority from U.S. Provisional
Application Ser. No. 60/328,766, filed October 12, 2001, the
disclosure of which is incorporated herein by reference. A
portion of the disclosure of this patent document contains
material which is subject to copyright protection. The copyright
owner has no objection to the facsimile reproduction by anyone of
the patent disclosure, as it appears in the Patent and Trademark
Office public patent files or records, but otherwise reserves all
copyright rights whatsoever.

BACKGROUND OF THE INVENTION 

[0002] The present invention relates to methods and systems
for identification, processing and issuance of server based
digital certificates.

[0003] In order to secure information transmitted over the 
Internet, methods have been developed to secure the connection 
between web browsers and web servers. Secure sockets layer 
(SSL), recently re-named TLS but substantially the same protocol,
is a protocol designed to enable communications on an insecure 
network such as the Internet. SSL provides encryption and 
integrity of communications along with server authentication 
using digital certificates. However, an SSL connection does not 
ensure the identity of the recipient of the information nor does 
it secure the information once it is decrypted at the web server.
Therefore, it is important to be certain that the web server is 
legitimate. 

[0004] It has become common practice to use web server digital 
certificates to authenticate the identity of a web server to 
visiting browsers. A user's browser will access the web server's 
digital certificate when directed to enter a secure session. The 
certificate, which contains the web server's public key, is then
used by the browser to authenticate the identity of the website, 
that is, the web server and to provide the web browser with the 
web server's public key so that the web browser can encrypt a 
session key for use in encryption of transmitted data. Since 
only the web server has the private key to decrypt the user's 
information, such information remains secure. The web server 
certificate is issued by a certification authority. Applicants' 
assignee, GeoTrust, Inc. is a certification authority. Most web 
browsers are published with a number of root digital certificates 
(containing public keys) for CA's already installed and hence the
web browser will recognize the CA's signature and trust the 
certificate. 

[0005] Generally, in order to obtain a certificate, the website
owner, the Requestor, will submit a certificate signing request
(CSR), or its equivalent, containing the web server's public key,
along with other information, to a certification authority (CA)
and the CA, when satisfied as to the identity of the Requestor,
will issue a certificate containing the web server's public key 
and sign the certificate using the CA's private key. A 
traditional method for vetting the web server Requestor is shown 
in Figure 1. The present invention is directed to methods and 
systems for automating the identification of the web server 
Requestor in issuing web server certificates. 

SUMMARY OF THE INVENTION

[0006] A computer system and process for automated 
authentication, processing and issuance of digital certificates, 
wherein web server domain-control vetting is employed in the 
identification and authorization of the Requestor. Domain-control
vetting, in accordance with the present invention,
includes the mandatory selection of Approver contact addresses by 
the Requestor wherein the Approver contact addresses, for 
example, email addresses, have been generated based on domain 
information. A Requestor requests a web server certificate from 
a certificate authority, and the certificate authority receives the
request. The certificate authority generates Approver email
addresses, and the Requestor is required to select an Approver
email address or addresses. On the other hand, the Requestor can
submit one or more email addresses and if one or more of these
email addresses are also certificate authority generated Approver 
email addresses, then the certificate authority can accept the 
Requestor submitted email addresses that match. The certificate 
authority contacts the Approver using the selected email address 
or addresses and requests that the Approver approve issuance of 
the certificate. If approved, the certificate authority accepts 
the request, and creates and signs the certificate and the signed 
certificate is sent to the Requestor. 

BRIEF DESCRIPTION OF THE DRAWINGS

[0007] Figure 1 shows one example of the traditional vetting 
process. 

[0008] Figure 2 shows one preferred embodiment of the vetting 
process of the present invention, namely, the QuickSSL vetting 
process.

[0009] Figures 3a and 3b show an Initial QuickSSL Premium
enrollment page in accordance with one embodiment of the present 
invention. 

[0010] Figure 4 shows a CSR Review and confirmation page in 
accordance with the present invention. 

[0011] Figures 5a and 5b show an Order Contact information page
in accordance with one embodiment of the present invention. 
[0012] Figure 6 shows an Approval selection page in accordance 
with one embodiment of the present invention. 
[0013] Figure 7 shows a Payment page in accordance with one 
embodiment of the present invention. 

[0014] Figures 8a and 8b show an Order Summary and Requestor 
(Subscriber) confirmation page in accordance with one embodiment 
of the present invention. 

[0015] Figure 9 shows a Confirmation page in accordance with 
one embodiment of the present invention. 

[0016] Figure 10 shows a Requestor (Applicant) confirmation 
email in accordance with one embodiment of the present invention. 

[0017] Figure 11 shows an Approver email in accordance with one
embodiment of the present invention. 

[0018] Figure 12 shows an Approver review and confirmation page
in accordance with one embodiment of the present invention.
[0019] Figure 13 shows an Approver confirmation page in
accordance with one embodiment of the present invention. 
[0020] Figures 14a and 14b show a Fulfillment email in 
accordance with one embodiment of the present invention. 
[0021] Figures 15a and 15b show the initial certificate order 
pages in accordance with a second embodiment of the present 
invention. 

[0022] Figures 16a, 16b and 16c show an enrollment form in
accordance with a second embodiment of the present invention. 
[0023] Figure 17 shows the enrollment form in accordance with a 
second embodiment of the present invention wherein a CSR has been
pasted into the required field.

[0024] Figures 18a and 18b show one manifestation of how the
enrollment form and other pages in accordance with the second
embodiment of the present invention are interactive and
self-correcting, requiring the Requestor (Subscriber) to correct
errors and add omitted but necessary information before
proceeding.

[0025] Figures 19a, 19b, 19c and 19d show the enrollment 
information confirmation and Subscriber Agreement process in
accordance with a second embodiment of the present invention.
[0026] Figure 20 shows the automatic response back to the 
Requestor (Subscriber) who has submitted the completed 
certificate request properly in accordance with a second 
embodiment of the present invention. 

[0027] Figure 21 shows a version of the email message the 
Approver receives requesting approval of the certificate request 
from the Requestor (Subscriber) in accordance with a second 
embodiment of the present invention. 

[0028] Figure 22 shows information, terms and conditions, and
agreements for the Approver to agree to in approving or 
disapproving the certificate request in accordance with a second 
embodiment of the present invention. 

[0029] Figure 23 shows an automated notice confirming the 
approval of the certificate request in accordance with a second 
embodiment of the present invention. 

[0030] Figure 24 shows the web server certificate as issued in 
an email after approval in accordance with a second embodiment of 
the present invention. 

[0031] Figure 25 shows an automated notice confirming the 
disapproval by the Approver in accordance with a second 
embodiment of the present invention. 

[0032] Figure 26 shows a provisioning algorithm in accordance
with a second embodiment of the present invention.
[0033] Figure 27 shows a provisioning architecture in
accordance with a second embodiment of the present invention.

DESCRIPTION OF THE INVENTION

[0034] The aspects, features and advantages of the present 
invention will become better understood with regard to the 
following description with reference to the accompanying 
drawings. What follows are preferred embodiments of the present 
invention. It should be apparent to those skilled in the art that 
the foregoing is illustrative only and not limiting, having been 
presented by way of example only. All the features disclosed in 
this description may be replaced by alternative features serving 
the same purpose, and equivalents or similar purpose, unless 
expressly stated otherwise. Therefore, numerous other 
embodiments of the modifications thereof are contemplated as 
falling within the scope of the present invention as defined 
herein and equivalents thereto. Use of absolute terms, such as
"will," "will not," "shall," "shall not," "must," and "must
not," are not meant to limit the present invention as the
embodiments disclosed herein are merely exemplary. 
[0035] This is a description for how the invention would apply
to automated identification, processing, and issuance of digital
certificates, for example, SSL server certificates, in this case
through an Issuer's Web portal. This is only one of many
potential systems, process flows and applications for the 
invention. 

A FIRST PREFERRED EMBODIMENT

[0036] In accordance with the present invention the automated 
methods and systems for Requestor identification may be referred 
to as domain-control vetting; an example of the process for
domain-control vetting is shown in Figure 2. Domain control 
vetting is the process for verifying that a Requestor has 
permission from an Approver to obtain and install the product. 
The Approver must demonstrate control of the domain. Thus, in 
the present invention the Approver is differentiated from the 
Requestor. The Approver is an individual who has domain-control 
and has the responsibility for approving the Requestor's request 
for a domain-control vetted product (such as QuickSSL). The
Requestor is the end user requesting the SSL certificate. In 
domain-control vetted orders the Requestor selects the Approver 
email address from a list of authoritative email addresses. 
[0037] In initiating the request, the Requestor fills out an 
order form including a Certificate Signing Request (CSR), and order
contact information. See Figures 3a, 3b, 4, 5a and 5b. The 
Certificate Signing Request (CSR) is a block of information 
typically generated by the Web Server software that is meant to 
be submitted to a Certificate Authority (CA) in return for an SSL
certificate. The CSR provides the Certificate Authority with the
information necessary to generate the SSL Digital Certificate. 
When the Web Server generates the CSR it is actually generating a
Private and Public Key pair. The private key is kept secret and
the public key is bundled into the CSR. The CSR is digitally 
signed by the private key which proves to the CA that the Web 
Server has possession of the private key (called "proof of 
possession").

[0038] Next the Requestor is presented with a list of potential 
Approver emails. See Figure 6. This list may be generated by 
combining domain related information. Disclosed below are three 
types of addresses which may be utilized. Of course there are 
other ways of determining the Approver's email address in 
accordance with the present invention. In this step of the 
process, the choices offered in the form for email address for 
the Approver (Approver Email Address or Addresses) are limited to 
those chosen by the Issuer, and cannot be altered or amended by 
the Requestor. The Approver Email Address choices offered on 
this page (Figure 6) are not created by Requestor or entered into 
the Enrollment Form by the Requestor, and so the Requestor cannot
divert or "short circuit" the approval process by directing the
email message requesting official approval of the certificate 
issuance request to the Requestor or to an unauthorized person. 
This provides a security element of the automated process and 
system of the present invention. 

[0039] In the first type, the system obtains the technical and
administrative contacts from the WhoIs system, a database
mandated by ICANN to be maintained by the domain registrars. In
the case the system cannot determine the exact role of the person
it will, in certain instances, pull out any e-mail address; for
example, the e-mail addresses in the response message could be for
administrative, technical, billing or other e-mail addresses.
[0040] In the second type, the following list of mail box 
names, namely: admin, administrator, hostmaster, info, root, 
ssladmin, sysadmin, webmaster, or other names, may be 
pre-appended to the 2, 3, 4, ... N component domain of the 
certificate being requested. For example, if the requested 
certificate was for "us.secure.geotrust.com", then the system in
accordance with this embodiment of the present invention would
allow the following: admin@us.secure.geotrust.com;
admin@secure.geotrust.com; and admin@geotrust.com for each and
every of the "mail boxes" listed above. 

[0041] The third type is a "standard", fixed address: the request
is sent to the CA's customer support group (support@CA.com), where
they will address this on a case by case basis, for example, by
sending it to support@ca.com or support@geotrust.com.
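
The three address types above can be combined into one Issuer-side list against which the Requestor's choice is validated. The following is an added example, not code from the patent or from any CA: the mailbox names and the us.secure.geotrust.com sample come from the text, while the function names, the WhoIs contact value and the two-label registrable-domain rule are assumptions made for illustration.

```python
# Added example: Issuer-generated Approver address list and server-side
# validation of the Requestor's selection. Function names and the sample
# WhoIs contact are constructed; they are not part of the original text.

MAILBOXES = ("admin", "administrator", "hostmaster", "info", "root",
             "ssladmin", "sysadmin", "webmaster")
SUPPORT_ADDRESS = "support@geotrust.com"  # third type: fixed CA support address


def parent_domains(common_name):
    """Return the N, ..., 3, 2 component domains of a certificate CN."""
    labels = common_name.strip().lower().rstrip(".").split(".")
    if len(labels) < 2 or any(not label for label in labels):
        raise ValueError("CN is not a fully qualified domain name")
    # Assumption: the registrable domain is the last two labels. A real issuer
    # needs a public-suffix list so that e.g. "co.uk" is never offered.
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def approver_choices(common_name, whois_contacts=()):
    """Build the list the Issuer offers: WhoIs, mailbox@domain, support."""
    choices = [addr.strip().lower() for addr in whois_contacts]  # first type
    for domain in parent_domains(common_name):                   # second type
        choices.extend(f"{box}@{domain}" for box in MAILBOXES)
    choices.append(SUPPORT_ADDRESS)                              # third type
    return list(dict.fromkeys(choices))      # de-duplicate, keep order


def accept_selection(common_name, submitted, whois_contacts=()):
    """Keep only submitted addresses that the Issuer itself generated.

    The list is recomputed from the CSR's CN on the server, so a value
    edited in the enrollment form cannot widen the set.
    """
    allowed = set(approver_choices(common_name, whois_contacts))
    matched = [a.strip().lower() for a in submitted
               if a.strip().lower() in allowed]
    if not matched:
        raise PermissionError(
            "no submitted address is an Issuer-generated Approver address")
    return matched


def enrollment_matches_csr(enrollment_domain, csr_common_name):
    """Reject the application when the form's domain and the CSR CN differ."""
    def norm(name):
        return name.strip().lower().rstrip(".")
    return norm(enrollment_domain) == norm(csr_common_name)


if __name__ == "__main__":
    for address in approver_choices("us.secure.geotrust.com",
                                    ["billing@example-registrant.test"]):
        print(address)
```

The CA/Browser Forum Baseline Requirements later narrowed constructed mailboxes to admin, administrator, webmaster, hostmaster and postmaster; names such as info or root fall outside that set.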

[0042] The Requestor chooses an Approver email, reviews the 
order information, agrees to the subscriber agreement and
completes the order, including payment, and can review the order. 
See Figures 6, 7, 8a and 8b. 

[0043] An e-mail is sent to the administrative and technical 
contacts acknowledging the receipt of the order, and the Approver
e-mail is sent to the Approver. See Figures 9, 10 and 11.
The Approver receives an email with an embedded link to the approval
site back at the CA and the Approver reviews the order information and
either approves or rejects. See Figures 11, 12 and 13.
The Requestor receives the digital certificate (and/or other fulfillment)
via email. See Figures 14a and 14b.

A SECOND PREFERRED EMBODIMENT

[0044] The Requestor in this embodiment, who is either the Web
domain name registrant who will receive and use the SSL server
certificate on the site, or a hosting company, Internet service
provider or other agent acting upon the registrant's behalf,
views initial certificate order pages and chooses to "order now."
This brings Subscriber to a detailed instruction page, including
technical assistance and hyperlinks to other resources and
instructions. To proceed, Requestor clicks on "apply now" and is
taken to the next page. See Figures 15a and 15b. 
[0045] The Requestor completes an Enrollment Form providing
Requestor Contact and Technical Contact information (including 
email address) for future communications from Issuer. Requestor 
generates a Certificate Signing Request (CSR) through standard 
computer software, and pastes a copy of the CSR in the field 
indicated on the Enrollment Form to request the SSL server 
certificate. This page and other pages contain relevant terms 
and conditions for the transaction and process (e.g., references
to the applicable Certificate Practice Statement). To proceed,
Requestor clicks "submit." See Figures 16a, 16b and 16c.
The Enrollment Form showing a CSR pasted into required field is
shown on Figure 17.

[0046] The Enrollment form and other pages in the process are
interactive and self-correcting, requiring the Requestor to
correct errors and add omitted but necessary information before
proceeding. See Figures 18a and 18b.

[0047] After submitting the Enrollment Form, the Requestor is 
asked to confirm basic information elements extracted from the 
Form, including information concerning the Requestor's server's 
fully qualified domain name, organization, organizational unit, 
city, state, and country that was extracted from the CSR 
generated by the Requestor and pasted into the form. This data 
is presented for approval in the exact form that it will be 
inserted automatically in the SSL server certificate generated by 
this process and invention. See Figures 19a, 19b, 19c and 19d. 
[0048] The Requestor is also required to select an email 
address for the official person (the "Approver") associated with 
the domain name who will be asked to approve the issuance of the 
certificate with the specific data elements contained in the CSR. 
See Figures 19b, 19c and 19d. In this step of the process, the 
choices offered in the form for email address for the Approver,
the Approver Email Addresses, are limited to those chosen by the
Issuer, and cannot be altered or amended by the Requestor. 
Please note that the Approver Email Address choices offered on 
this page are not created by the Requestor or entered into the 
Enrollment Form by the Requestor, and so the Requestor cannot 
divert or "short circuit" the approval process by directing the 
email message requesting official approval of the certificate 
issuance request to the Requestor or to an unauthorized person.
This provides a security element of the automated process and 
invention. 

[0049] The Approver Email Addresses can be generated or 
selected according to different algorithms designed for security 
or other purposes. They may be selected by automated and/or 
online processes which are also part of the automated process and 
invention, or they may be selected by off-line processes. As an 
example, the Approver Email Addresses can be composed of some or all
of the following data and algorithms: (1) elements created 
dynamically and automatically from Issuer or third party data 
sources in response to data or choices made by the Requestor, (2) 
elements created dynamically and automatically from data 
submitted by the Requestor, and (3) elements created dynamically 
and automatically or statically from off-line or pre-set Issuer 
or other algorithms. It should also be noted that alternately, 
instant messaging or other such electronic communication means 
could be implemented in addition to or in place of email
technology for this aspect of the present invention.
[0050] In this case, as shown in Figures 19a, 19b, 19c and 19d, 
the choice of Approver Email Addresses combines all three 
features. For this example, the addresses in the screen shots
are "billing@PHPWEBHOSTING.COM" and
"support@PHPWEBHOSTING.COM", which are the official contact
email addresses listed for this domain name in the official 
registries. The two choices in the left column under the heading 
"Authorized Domain Name Administrators" were generated 
automatically and dynamically in real time by looking up and 
recording the official listed email addresses for the 
Administrative Contact and Technical Contact for the domain name 
that is contained within the Certificate Signing Request (CSR) as 
received from the Registrant, as those email addresses are 
registered for the domain in one of many "WhoIs" domain name
registries (the "Official Email Addresses"). The domain name can
be read from the Common Name or CN field in the CSR (using X.509
format).

[0051] In another embodiment, the Requestor's domain name as 
entered into an enrollment form and/or as contained in the 
contact email addresses entered into an enrollment form submitted 
by the Requestor is compared with the domain name contained in 
the CN field of the CSR submitted by the Requestor, and the 
application is rejected if the two names do not match.
[0052] In another embodiment, the Requestor's O or OU name(s)
(organization and organization unit), L (city), S (state or 
province), and/or C (country) information contained in the CN 
field of the CSR submitted by the Requestor is compared with the 
corresponding data submitted by the Requestor or other data, and 
the application is rejected if the two names do not match. In
still yet another embodiment the preceding comparisons are both
employed. 

[0053] These automatic and dynamic features can (1) provide 
additional protection against fraud or mistake, (2) help ensure 
that the CSR is only approved by an authorized person associated 
with the domain name that is the CN of the certificate, and (3) 
help ensure that the certificate is delivered to persons 
associated with the domain name that is the CN in the 
certificate. 

[0054] The process could also include an automated check of any
public or private information source via the Internet or any 
other communications means, including the Issuer's own data or 
the data of an official or unofficial third party source, 
followed by a comparison and decision process (e.g., approval or 
rejection), and this subprocess could occur at any time in the 
enrollment and certificate request and issuance process. 
In accordance with this algorithm, the chance of fraud or error 
in generation and delivery of the certificate to the wrong party
is substantially reduced. In this case, the checking of the
Official Email Addresses associated with the domain name 
contained in the CSR occurs automatically after the Requestor 
submits the Enrollment Form with the CSR pasted in, and the 
subsequent Enrollment pages were modified by using the 
information obtained through that automatic checking of a third 
party data source. 

[0055] Other Approver Email Address choices are included in 
three additional columns to the right shown on Figures 19b, 19c
and 19d. These addresses were selected by the issuer using the 
other two data and algorithm sources described above: (1) 
elements created dynamically and automatically from data 
submitted by the Requestor; and (2) elements created dynamically 
and automatically or statically from off-line or pre-set Issuer 
or other algorithms. In this case, the Approver Email Addresses 
listed in the three columns to the right on Figures 19b, 19c and
19d include: (1) the Level 4 domain name contained in the CSR 
(i.e., elements created dynamically and automatically from data 
submitted by the Requestor) and (2) prefixes consisting of the 
most commonly-used official email contact addresses for domain 
names (i.e., elements created dynamically and automatically or 
statically from off-line or pre-set Issuer or other algorithms).
These alternatives are offered in case the Requestor (which may
include a hosting company or Internet service provider, as
described above) wishes to choose a different Approver Email 
Address from those dynamically generated based on the official 
domain name registry information (for example, because the domain 
name registrant has delegated the upkeep and operation of the 
associated Web site to the hosting company or Internet service 
provider, who is applying for the certificate on the domain name 
registrant's behalf). 

[0056] In other circumstances, the Approver Email Address
choices could be composed of all three of the data and algorithms 
sources described above, or any combination thereof, or any other 
relevant sources. 

[0057] As shown in Figure 19d, the Requestor in this embodiment 
is required to agree to a Requestor Agreement with the Issuer 
before the process can continue. Clicking "I Agree" triggers the 
next step. 

[0058] Figure 20 shows an automatic response back to the 
Requestor who has submitted the completed certificate request 
properly, and includes instructions for further communications. 
Figure 21 shows a version of the email message the Approver 
receives requesting approval of the certificate request from the 
Requestor. It contains a hyperlink taking the Approver to the 
Issuer's approval site. Because of the invention features 
described in connection with Figures 19a, 19b, 19c and 19d above, 
this message and link to an approval page can only go to one of
the Approver Email Addresses offered by the Issuer based on the
selected algorithms.

[0059] The Issuer's approval site may contain additional
information, terms and conditions, and agreements for the 
Approver to agree to, or may simply contain a button, or other 
mechanism, allowing the Approver to approve or disapprove the 
certificate request. Because of the invention features described 
in connection with Figures 19a, 19b, 19c and 19d above, this 
approval step can only be taken by an individual associated with 
one of the Approver Email Addresses offered by the Issuer based 
on the selected algorithms, thereby enhancing authenticity and 
security in the certificate issuance process. See Figure 22. 
[0060] If the Approver approves the request, the Approver (and 
others, such as the other contact persons listed in the original 
Enrollment Form) receives an automated notice confirming the 
approval. See Figure 23. Because of the invention features 
described in connection with Figures 19a, 19b, 19c and 19d above, 
this approval message will necessarily be sent to an individual 
associated with one of the Approver Email Addresses offered by 
the Issuer based on the selected algorithms, thereby enhancing 
authenticity and security in the certificate issuance process. 
[0061] If the Approver approves the certificate request, the 
Issuer's Certificate Authority automatically and dynamically 
generates the certificate and sends it by email to the Approver
(and others, in accordance with the particular embodiment, such 
as the other contact persons listed in the original Enrollment 
Form). See Figure 24. 

[0062] A sample automated message transmitting the digital 
certificate is shown as Figure 24. The message may also contain 
instructions or hyperlinks to instructions for installation. 
Because of the invention features described in connection with 
Figures 19a, 19b, 19c and 19d above, a copy of this certificate 
transmittal message will necessarily be sent to an individual 
associated with one of the Approver Email Addresses offered by 
the Issuer based on the selected algorithms, thereby enhancing 
authenticity and security in the certificate issuance process. 
[0063] If the Approver disapproves the request, the Approver 
(and others, such as the other contact persons listed in the 
original Enrollment Form) receives an automated notice confirming 
the disapproval. See Figure 25. Because of the invention 
features described in connection with Figures 19a, 19b, 19c and 
19d above, this disapproval message will necessarily be sent to 
an individual associated with one of the Approver Email Addresses 
offered by the Issuer based on the selected algorithms, thereby 
enhancing authenticity and security in the certificate issuance 
process. In the process described in Figures 23, 24 and 25, if 
the Approver rejects the request, they cannot later approve it.
If they approve it, they cannot later reject it. The state is
changed.

ADDITIONAL EMBODIMENTS 

[0064] Alternative process feature: The Enrollment Form can
request payment information (e.g., credit card information) from 
the Requestor, and the process can automatically and dynamically 
check for payment authorization and post the charge upon approval 
of the certificate request by the Approver. As a further 
alternative, information gained through the automatic payment 
process can be used for comparison and/or verification of other 
information contained in the Enrollment Form and/or CSR, and
further process decisioning (e.g., accept or reject) can be based 
on specific algorithms. 

[0065] Having now described preferred embodiments of the
invention, it should be apparent to those skilled in the art that 
the foregoing is illustrative only and not limiting, having been 
presented by way of example only. All the features disclosed in 
this specification (including any accompanying claims, abstract, 
and drawings) may be replaced by alternative features serving the 
same purpose, and equivalents or similar purpose, unless 
expressly stated otherwise. Therefore, numerous other 
embodiments of the modifications thereof are contemplated as 
falling within the scope of the present invention as defined by 
the appended claims and equivalents thereto.
[0066] For example, the techniques may be implemented in 
hardware or software, or a combination of the two. Preferably, 
the techniques are implemented in computer programs executing on 
programmable computers that each include a processor, a storage 
medium readable by the processor (including volatile and 
non-volatile memory and/or storage elements), at least one input 
device and one or more output devices. Program code is applied to 
data entered using the input device to perform the functions 
described and to generate output information. The output 
information is applied to one or more output devices. 
[0067] Each program is preferably implemented in a high level
procedural or object oriented programming language to communicate 
with a computer system, however, the programs can be implemented 
in assembly or machine language or other computer language, if 
desired. In any case, the language may be a compiled or 
interpreted language. 

STILL ADDITIONAL EMBODIMENTS OF THE PRESENT INVENTION 

[0068] In another embodiment of the present invention the
Requestor may engage a partner of the CA to assist in obtaining
the certificate for the Requestor. The partner may perform
varying levels of the ordering process workflow.

[0069] A telephone verification step could be added to the
process whereby the person requesting the certificate, or the
Approver, is called via a computer program and asked to enter
some information that is displayed on the web browser. The 
intent of this is to collect another verified piece of 
information - the phone number (in addition to the Approver 
e-mail address) to reduce risk and improve security while at the 
same time making this an automated, quick process. The person 
called may be requested to say something that is then recorded by 
the system. This voice print can be used later to verify user 
identity if needed (for example, by law enforcement). At the
very least, a voice recording further inhibits attempts at fraud. 
[0070] For example, when the Requestor gets to the order
summary page and presses confirm, a new page is displayed with a
code (PIN) on it and some instructions. They are asked to be
ready for a phone call at the specified phone number (entered as
part of the contact information earlier, or from a corporate data
registry (DUNS or similar), or from the WhoIs server data, or
other sources). They agree, then the system calls them and asks
them to enter the PIN into the phone when prompted. They are
also asked to say their name and other information which is
recorded for later use. The phone system passes this PIN back to
the enrollment engine where the values are compared. If
successful, the system has verified that the Requestor is at the
particular phone number and this creates a better audit trail for
finding this person later and reduces the risk of fraud.
[0080] If the Approver is the individual to be called (as
opposed to the Requestor as described above), the phone call
would be performed after they receive their Approver e-mail, come
to the Approver site, review the order and press the Approve
button. At that point the system would call them and perform the
verification. If successful, the system would then issue the
certificate.

[0081] Another embodiment of the present invention would also
employ corporate registration data. A record for each
order/company in a public registration database would be created
or accessed with a globally unique identifier with user disclosed
information about them or their company - much like DUNs numbers
today (www.dnb.com). This is currently a perceived important
aspect of traditional vetting where companies are highly
encouraged to get a DUNs number by self-reporting some
information about the company. This would preferably be a
globally unique ID that can be used to track the certificate back
to some additional identifying profile information.
[0082] This profile data would be linked to and from the
certificate (which would have the number included, and probably
the URL to the data), and perhaps elsewhere at the CA. Users
would be able to opt-out of this data being published if they
desired. The CA would collect the information, post to this
repository, create or obtain the globally unique number, and
include it in the certificate for the user. Currently users need
to go and do this prior to requesting the certificate, so this is
a quicker, easier process. Finally, if users have a number
already, they can enter it during enrollment and the CA would
link to that previously registered entity.
[0083] Use of DNS server ownership for verifying domain-control.
In the case a CA partner is hosting the Requestor's web
site, such service normally includes entering and maintaining the
DNS entry. This is a mapping between the domain name and the IP
address where the server actually resides. Every web connection
made by a browser looks up the domain name in a DNS server,
obtains the IP address, and then connects to that IP address. If
an entity has control over the DNS server for this domain, it
has control over the domain.

[0084] If a request for a certificate for domain name
"domain.com" is from a partner (Partner A), the CA can do a DNS
look-up and find the authoritative DNS server for this domain.
The CA can compare this with the list of DNS servers registered
with the CA for Partner A. If they match, the CA can automatically
approve the request, generate the certificate and e-mail it to the
requestor, tech, billing and Partner A registered contact, or
send an approval e-mail to a previously registered e-mail address
for Partner A. As before, it should also be noted that
alternately, instant messaging or other such electronic
communication means could be implemented in addition to or in
place of email technology for this aspect of the present
invention.
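
The comparison described in paragraphs [0083] and [0084] can be sketched as follows. This is an added example, not code from the patent or from any CA; the resolver interface, the function names and the sample name servers are assumptions, and "match" is read strictly here (every authoritative name server must be on Partner A's registered list).

```python
"""Added example: partner auto-approval by authoritative name-server match."""
from typing import Callable, Iterable, List, NamedTuple, Optional, Set, Tuple

# Assumed resolver interface: given a domain name, return the host names in its
# NS record set, or an empty list if the name is not the apex of a zone.
NsLookup = Callable[[str], List[str]]


class Decision(NamedTuple):
    approved: bool
    zone: Optional[str]
    reason: str


def normalize(host: str) -> str:
    """DNS names compare case-insensitively and without the trailing root dot."""
    return host.strip().rstrip(".").lower()


def find_zone_ns(fqdn: str, lookup_ns: NsLookup) -> Tuple[Optional[str], Set[str]]:
    """Walk from the requested host name toward the root and return the closest
    enclosing zone that has NS records, together with its name-server set."""
    labels = normalize(fqdn).split(".")
    for i in range(len(labels) - 1):  # stop before the bare top-level label
        zone = ".".join(labels[i:])
        servers = {normalize(h) for h in lookup_ns(zone)}
        if servers:
            return zone, servers
    return None, set()


def partner_auto_approval(fqdn: str, partner_ns: Iterable[str],
                          lookup_ns: NsLookup) -> Decision:
    """Approve automatically only if every authoritative name server for the
    zone is registered to the partner; otherwise fail closed."""
    zone, authoritative = find_zone_ns(fqdn, lookup_ns)
    if not authoritative:
        return Decision(False, None, "no NS records found; use Approver e-mail")
    registered = {normalize(h) for h in partner_ns}
    foreign = sorted(authoritative - registered)
    if foreign:
        # A single server outside the partner's list means another party can
        # also answer for the domain, so the partner alone does not control it.
        return Decision(False, zone,
                        "name servers not registered to partner: " + ", ".join(foreign))
    return Decision(True, zone, "every authoritative name server is registered to the partner")


# Constructed sample data (not real DNS answers).
SAMPLE_NS = {
    "domain.com": ["NS1.Partner-A.example.", "ns2.partner-a.example"],
    "mixed.example": ["ns1.partner-a.example", "ns1.other-host.example"],
}
PARTNER_A_NS = ["ns1.partner-a.example", "ns2.partner-a.example",
                "ns3.partner-a.example"]


def sample_lookup(name: str) -> List[str]:
    """Stand-in for a real NS query so the example runs offline."""
    return SAMPLE_NS.get(normalize(name), [])


if __name__ == "__main__":
    for host in ("www.domain.com", "shop.mixed.example", "unknown.test"):
        print(host, partner_auto_approval(host, PARTNER_A_NS, sample_lookup))
```

The decision is only as trustworthy as the NS answer, so a production lookup should follow the delegation from the parent zone rather than rely on a shared caching resolver.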

[0085] Each such computer program is preferably stored on a
storage medium or device (e.g., CD-ROM, hard disk or magnetic
diskette) that is readable by a general or special purpose
programmable computer for configuring and operating the computer
when the storage medium or device is read by the computer to
perform the procedures described in this document. The system
may also be considered to be implemented as a computer-readable
storage medium, configured with a computer program, where the
storage medium so configured causes a computer to operate in a
specific and predefined manner. For illustrative purposes the
present invention is embodied in the system configuration, method
of operation and product or computer-readable medium, such as
floppy disks, conventional hard disks, CD-ROMS, Flash ROMs,
nonvolatile ROM, RAM and any other equivalent computer memory
device. It will be appreciated that the system, method of
operation and product may vary as to the details of its
configuration and operation without departing from the basic
concepts disclosed herein.

CLAIMS

We claim: 

1. A computer system for automated identification, processing 
and issuance of digital web server certificates, wherein 
domain-control vetting is employed in the identification and 
authorization of a Requestor. 

2. A computer system according to claim 1, which functions in 
accordance with Figure 2. 

3. A computer system according to claim 1, which functions in 
accordance with Figure 26.

4. A computer system according to claim 1, which functions in 
accordance with Figure 27. 

5. A computer system according to claim 1, which functions in 
accordance with Figures 3a to 14b. 

6. A computer system according to claim 1, which functions in
accordance with Figures 15a to 25. 

7. A computer system for automated identification, processing
and issuance of digital certificates comprising: 

a. means for a Requestor to request a web server 
certificate from a certificate authority; 

b. means for the certificate authority to receive the 
request; 

c. means for the certificate authority to obtain domain 
information for a domain for which the certificate is 
being requested; 

d. means for generating Approver email addresses from the 
domain information; 

e. means for the Requestor to select Approver email
address or addresses; 

f. means for the certificate authority to contact the
Approver using the selected email address or addresses 
and requesting that the Approver approve issuance of 
the certificate; 

g. means for the Approver to deny or approve the request 
for issuance of the certificate and inform the 
certificate authority of its denial or approval; 

h. means for the certificate authority to create and sign 
the certificate; 

i. means for sending the signed certificate to the
Requestor. 

8. A computerized process for automated identification,
processing and issuance of digital certificates, comprising
the steps of:

a. a Requestor requests a web server certificate from a 
certificate authority; 

b. the certificate authority receives the request; 

c. the certificate authority obtains domain information 
for the web server; 

d. the certificate authority generates Approver email 
addresses from the domain information; 

e. the Requestor is requested to select Approver email 
address or addresses; 

f. the certificate authority contacts the Approver using
the selected email address or addresses and requests
that the Approver approve issuance of the certificate;

g. the certificate authority denies the request if not 
approved or for any other reason; 

h. the certificate authority accepts the request if 
approved, and creates and signs the certificate;

i. the signed certificate is sent to the Requestor. 

9. A computerized process for automated identification,
processing and issuance of digital certificates, wherein web
server domain-control vetting is employed to automatically
generate a plurality of mandatory web server Approver email
addresses for selection by the certificate Requestor.

10. A computer process according to claim 9, wherein the 
mandatory web server Approver email addresses are determined 
in accordance with the process shown in Figure 2. 

11. A computer process according to claim 9, wherein the 
mandatory web server Approver email addresses are determined 
in accordance with the process shown in Figure 26. 

12. A computer process according to claim 9, wherein the 
mandatory web server Approver email addresses are determined 
in accordance with the process shown in Figure 27. 

13. A computer process according to claim 9, wherein the 
mandatory web server Approver email addresses are determined 
in accordance with the process shown in Figures 3a to 14b. 

14. A computer process according to claim 9, wherein the 
mandatory web server Approver email addresses are determined 
in accordance with the process shown in Figures 15a
to 25. 

15. A computer system for automated identification, processing
and issuance of digital certificates comprising: 

a. means for a Requestor to request a web server 
certificate from a certificate authority; 

b. means for the certificate authority to receive the 
request; 

c. means for generating Approver email addresses by pre- 
appending a mail box name to the 2, 3, 4, ... N 
component domain of the certificate being requested; 

d. means for the Requestor to select Approver email 
address or addresses; 

e. means for the certificate authority to contact the 
Approver using the selected email address or addresses 
and requesting that the Approver approve issuance of 
the certificate; 

f. means for the certificate authority to deny the 
request; 

g. means for the certificate authority to accept the 
request, create and sign the certificate;

h. means for sending the signed certificate to the 
Requestor. 
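
The address generation recited above (a mailbox name prepended to the 2, 3, ... N component domain) and the server-side check of the Requestor's selection can be sketched as follows. This is an added example, not code from the patent; the mailbox names, the function names and the small public-suffix set are assumptions, and the public-suffix filter goes beyond the claim text to cover names such as "co.uk", where the 2-component domain belongs to a registry rather than to the Requestor's organization.

```python
"""Added example: Approver e-mail candidates from the requested host name."""
from typing import Dict, Iterable, List, Tuple

# Assumed list of administrative mailbox names.
MAILBOXES = ("admin", "administrator", "hostmaster", "info",
             "root", "ssladmin", "sysadmin", "webmaster")

# Constructed sample; a real deployment would load a maintained suffix list.
SAMPLE_PUBLIC_SUFFIXES = frozenset({"co.uk", "com.au"})


def component_domains(fqdn: str,
                      public_suffixes: Iterable[str] = SAMPLE_PUBLIC_SUFFIXES
                      ) -> List[Tuple[int, str]]:
    """Return (level, domain) pairs for the 2..N component domains of fqdn,
    skipping any level that is itself a public suffix."""
    name = fqdn.strip().rstrip(".").lower()
    if name.startswith("*."):          # wildcard request: vet the base name
        name = name[2:]
    labels = name.split(".")
    if len(labels) < 2 or any(not label for label in labels):
        raise ValueError("not a multi-label domain name: %r" % fqdn)
    suffixes = set(public_suffixes)
    result = []
    for level in range(2, len(labels) + 1):
        domain = ".".join(labels[-level:])
        if domain in suffixes:
            continue                   # nobody at the Requestor controls this
        result.append((level, domain))
    return result


def approver_addresses(fqdn: str,
                       mailboxes: Iterable[str] = MAILBOXES) -> Dict[int, List[str]]:
    """Map each component level to its generated Approver addresses."""
    boxes = list(mailboxes)
    return {level: ["%s@%s" % (box, domain) for box in boxes]
            for level, domain in component_domains(fqdn)}


def is_allowed_approver(selected: str, fqdn: str,
                        registrar_contacts: Iterable[str] = ()) -> bool:
    """Server-side check that the address the Requestor selected is one the
    CA generated (or a registrar contact), not an arbitrary submitted value."""
    allowed = {addr for addrs in approver_addresses(fqdn).values() for addr in addrs}
    allowed |= {c.strip().lower() for c in registrar_contacts}
    return selected.strip().lower() in allowed


if __name__ == "__main__":
    for level, addrs in approver_addresses("test.geotrust.com").items():
        print("Level", level, addrs)
```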

[FIG. 5b: screenshot of the QuickSSL Premium Enrollment page in Microsoft Internet Explorer, with panels "Site Administrator Contact Information", "Technical Contact Information" and "Billing Contact Information" and a Continue button.]

[Figure: screenshot of the QuickSSL Premium Enrollment page "Approval of your Certificate Request", with panels "Registered Domain Contacts", "Alternate Approval e-mail Addresses" (listing Level 2 Domain Addresses and Level 3 Domain Addresses) and "Manual Approval Option", and a Continue button.]

[FIG. 7: screenshot of the QuickSSL Premium Enrollment "Payment Information" page.]

[FIG. 8a: screenshot of the QuickSSL Premium Enrollment "Order Summary" page, with panels "Order Information", "CSR Information", "Site Contacts", "Approver Information" and "Billing Information".]

[Figure: continuation of the Order Summary page, with panels "Approver Information", "Billing Information", "Certificate Replacement Policy" and "QuickSSL Subscriber Agreement", and a Submit Order button.]

[Figure: screenshot of the QuickSSL Premium Enrollment confirmation page ("Thank you for your QuickSSL Premium certificate request"), showing order number 8337 and stating that an e-mail message has been sent to the selected approver requesting approval of the request.]

[Figure: screenshot of the e-mail "QuickSSL Premium Order received for Domain test.geotrust.com" (Order ID 8337), stating that an email will be sent to the designated approver with instructions on how to approve the certificate request.]

[Figure: screenshot of the e-mail "QuickSSL Premium Certificate Request Confirmation" addressed to hostmaster ("Dear Domain Administrator"), identifying the applicant and asking the recipient to come to a URL to review and approve the certificate request for test.geotrust.com.]

[Figure: screenshot of the "QuickSSL Premium Review and Approval" page (Order Approval), with panels "Order Information", "Certificate Information" and "Site Contacts", and buttons to approve or not approve the request.]

[Figure: screenshot of the "QuickSSL Premium Approval" page reporting "Order Successfully Approved".]

[FIG. 14a: screenshot of the e-mail "test.geotrust.com QuickSSL Premium Order 8337 Complete", stating that the web server certificate is pasted at the end of the message and pointing to installation instructions for the certificate and the QuickSSL Smart Seal.]

[Figure: continuation of the order-complete e-mail, ending with "Your Web Server Certificate:" followed by the encoded certificate block (omitted).]